CVE-2019-1939:
CVE-2019-1939 describes a vulnerability in the Cisco Webex Teams Windows client where an unauthenticated remote attacker could execute arbitrary commands on an affected system by abusing improper restrictions in the application's logging features. Exploitation requires a user to visit a malicious website, and affected versions are Windows clients older than 3.0.12427.0. The vulnerability is rated CVSS v3.0 base score 7.5 (HIGH).
Score
A numerical rating that indicates how dangerous this vulnerability is.
8.8High- Published Date:Sep 5, 2019
- CISA KEV Date:*No Data*
- Industries Affected:20
Threat Predictions
- EPSS Score:2.2
- EPSS Percentile:84%
Exploitability
- Score:2.8
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:REQUIRED
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
CVE-2019-1939 describes a vulnerability in the Cisco Webex Teams Windows client where an unauthenticated remote attacker could execute arbitrary commands on an affected system by abusing improper restrictions in the application's logging features. Exploitation requires a user to visit a malicious website, and affected versions are Windows clients older than 3.0.12427.0. The vulnerability is rated CVSS v3.0 base score 7.5 (HIGH).
Overview
Cisco Webex Teams for Windows contains a command execution vulnerability stemming from insufficient restrictions in its logging functionality. An unauthenticated attacker could trigger arbitrary commands on a targeted system by persuading a user to visit a malicious website that submits crafted input to the application. The flaw affects Windows clients before version 3.0.12427.0 and carries a high risk with a CVSS v3.0 base score of 7.5, requiring user interaction and granting the attacker high impact on confidentiality, integrity, and availability.
Remediation
- Upgrade Cisco Webex Teams for Windows to version 3.0.12427.0 or later, as this contains the fix for the vulnerability.
- Enable and enforce automatic updates across the organization to ensure timely deployment of the patch.
- Verify deployment by checking the installed Webex Teams version on all endpoints after update.
- Review and follow the Cisco advisory cisco-sa-20190904-webex-teams for any vendor-specific mitigations or additional guidance.
- Educate users to avoid visiting untrusted or suspicious websites and to report any unusual application behavior promptly.
- After patching, conduct vulnerability scanning or asset inventory checks to confirm exposure has been remediated on affected endpoints.
References
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
